Nov 3, 2007

Removing Virus......

Folder Options problem
Your PC is infected with a virus, or Folder Options has been disabled by someone.
It may be ravmon.exe.
It removes Folder Options from the list.
There are tools like RRT that remove restrictions such as the missing Folder Options entry.
You can view all folders (hidden ones too) after using that tool.
Download the tool and enjoy,
or
1. Run Regedit (from a shortcut, or Start Menu -- Run, and type regedit).
2. In the Regedit window, go to Edit -- Find (or simply press Ctrl+F).
3. Type HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
4. Finally, find the REG_DWORD entry named NoFolderOptions (if it is there at all, but it probably is). See whether that entry has the value 1. If it has, simply change it to 0, and that should do the trick.
Drives don't open with double-click
The symptom occurs when autorun.vbs is created by a trojan horse or virus.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Userinit=userinit.exe,autorun.exe
Finally, autorun.bat will call wscript.exe to run autorun.vbs.
When antivirus or security software detects the autorun.vbs file as infected, the file is deleted, removed or quarantined. However, the other files (autorun.*) and the registry value still refer to autorun.vbs, which no longer exists, hence the error when users double-click to open a drive folder. To correct this error, follow these steps:
Run Task Manager (Ctrl-Alt-Del or right click on Taskbar)
Stop wscript.exe process if available by highlighting the process name and clicking End Process.
Then terminate explorer.exe process.
In Task Manager, click on File -> New Task (Run…).
Type “cmd” (without quotes) into the Open text box and click OK.
Type the following commands one by one, pressing Enter after each:
del c:\autorun.* /f /s /q /a
del d:\autorun.* /f /s /q /a
del e:\autorun.* /f /s /q /a
c, d and e each represent a drive letter on the Windows system. If there are more drives or partitions available, repeat the command with each of the other drive letters. Note that you must also clean the autorun files from any USB flash drive or portable hard disk, as the external drive may also be infected.
Then, in Task Manager, click on File -> New Task (Run…).
Type “regedit” (without quotes) into the Open text box and click OK.
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Check that the value name and value data for the key are correct (the value data of userinit.exe includes the path, which may be on a drive other than C, which is also valid; note also the comma, which is also needed):
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
If the value is incorrect, modify it to the valid value data.
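The two registry checks described above (NoFolderOptions and Userinit), as an added read-only PowerShell example that is not part of the original post. The helper names Test-UserinitValue and Get-FolderOptionsPolicy are hypothetical, and the sample string at the end is the modified value quoted earlier on this page.

```powershell
# Added example (not from the original post): read-only registry checks.
# Test-UserinitValue and Get-FolderOptionsPolicy are hypothetical helper names.

function Test-UserinitValue {
    param(
        [Parameter(Mandatory)][string]$Value,
        [string]$SystemRoot = $env:SystemRoot
    )
    # Expected data: the full path to userinit.exe (followed by a comma).
    $expected = [IO.Path]::Combine($SystemRoot, 'system32\userinit.exe')
    # Every comma-separated entry is started at logon, so split the data
    # and report each entry that is not the expected full path.
    $entries = @($Value.Split(',') |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ -ne '' })
    $extra = @($entries | Where-Object { $_ -ine $expected })
    [pscustomobject]@{
        Entries = $entries
        Extra   = $extra
        Clean   = ($entries.Count -ge 1 -and $extra.Count -eq 0)
    }
}

function Get-FolderOptionsPolicy {
    # Returns the NoFolderOptions DWORD, or $null when the value is absent.
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $prop = Get-ItemProperty -Path $key -Name NoFolderOptions -ErrorAction SilentlyContinue
    if ($prop) { $prop.NoFolderOptions } else { $null }
}

# Live, read-only checks on this machine
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$live = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
Test-UserinitValue -Value $live
"NoFolderOptions = $(Get-FolderOptionsPolicy)  (1 hides Folder Options)"

# Constructed sample: the modified value quoted earlier on this page
Test-UserinitValue -Value 'userinit.exe,autorun.exe' -SystemRoot 'C:\WINDOWS'
```

The check is strict: a bare userinit.exe without its path is listed under Extra as well, because the valid value data shown above uses the full path.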
Or
Whenever you plug in a USB drive from an untrusted source, or you are suspicious, right-click the drive and choose Explore. This way the trojan, if present, won't run. Also, if a drive doesn't open because of a trojan, you can open it for the time being with right-click on the drive -> Explore. After that you can unhide hidden files and system files from Folder Options to search for suspicious files and folders and remove or rename them. On USB drives, the trojans come with an autorun.ini/.inf and the trojan program, which gets executed by the script in the autorun.ini/.inf.
Let's see whether your system is infected or not:
Download HijackThis.
Install and run this software.
Click "Do a system scan and save a logfile".
There may be malware present on your system; that's why I suggested this software.
desktop_ini Trojan
Well, this is a nearly harmless virus; I'm also infected with this. But don't worry, do the following: go to My Computer, right-click on the C drive and choose the Search option. Enter the keyword you mentioned and click Search (after enabling all options except Case sensitive under More advanced options). After the search finishes, select everything the search shows and press Shift+Del. Do the same for the remaining drives.
Brontok Worm Problem
Brontok is a computer worm which spreads through emails and USB drives. There are many variants of Brontok, but they basically work similarly.
How do I know if my system is infected?
You can't start Regedit.exe.
When you try to start any other registry editor, the system restarts.
The system also restarts when executing certain EXE files.
The presence of the following files:
%WINDIR%\eksplorasi.pif
%UserProfile%\Local Settings\Application Data\smss.exe
%UserProfile%\Local Settings\Application Data\services.exe
%UserProfile%\Local Settings\Application Data\lsass.exe
%UserProfile%\Local Settings\Application Data\csrss.exe
%UserProfile%\Local Settings\Application Data\inetinfo.exe
%UserProfile%\Local Settings\Application Data\winlogon.exe
%UserProfile%\Start Menu\Programs\Startup\Empty.pif
%UserProfile%\Templates\WowTumpeh.com
%WINDIR%\%CURRENT_USER%’s Setting.scr
%WINDIR%\ShellNew\bronstab.exe
All these files have the size of the worm's main executable: 42,028 bytes (about 42 KB).
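A read-only check for the file indicators listed above, as an added PowerShell example that is not part of the original post. Find-BrontokFile is a hypothetical helper name; the "%CURRENT_USER%'s Setting.scr" entry is left out because its name depends on the logged-on user.

```powershell
# Added example (not from the original post): look for the Brontok files
# named on this page and compare their size with the stated 42,028 bytes.
$WormSize = 42028
$Indicators = @(
    '%WINDIR%\eksplorasi.pif',
    '%UserProfile%\Local Settings\Application Data\smss.exe',
    '%UserProfile%\Local Settings\Application Data\services.exe',
    '%UserProfile%\Local Settings\Application Data\lsass.exe',
    '%UserProfile%\Local Settings\Application Data\csrss.exe',
    '%UserProfile%\Local Settings\Application Data\inetinfo.exe',
    '%UserProfile%\Local Settings\Application Data\winlogon.exe',
    '%UserProfile%\Start Menu\Programs\Startup\Empty.pif',
    '%UserProfile%\Templates\WowTumpeh.com',
    '%WINDIR%\ShellNew\bronstab.exe'
)

# Find-BrontokFile is a hypothetical helper name, not a built-in cmdlet.
function Find-BrontokFile {
    param(
        [string[]]$Path = $Indicators,
        [long]$Size = $WormSize
    )
    foreach ($p in $Path) {
        # Expand %WINDIR% / %UserProfile% for the current user.
        $full = [Environment]::ExpandEnvironmentVariables($p)
        # -Force so hidden and system files are found; nothing is modified.
        $item = Get-Item -LiteralPath $full -Force -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{
                Path        = $full
                Length      = $item.Length
                SizeMatches = ($item.Length -eq $Size)
            }
        }
    }
}

Find-BrontokFile | Format-Table -AutoSize
```

No output means none of the listed files exist for the current user; run it once per user profile on a shared machine.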

What does it do?
Disables Folder Options
Disables Registry Editor
Installs itself in the startup
When in memory, it will restart the system if any program involving the Registry is started
How to remove Brontok?
Download and run this Brontok removal tool from Bitdefender. This tool will kill the Brontok process and restore Folder Options and the Registry Editor.

Orkut is blocked with a message
Due to the attack of w32.USBWorm, users may not be able to use Mozilla Firefox. And when you use Internet Explorer to open Orkut, you see a message. Also, hidden files are not shown even if Show hidden files is selected in Folder Options. To resolve this problem, click here after you complete the steps given below.
Warning: Turn off System Restore before following these steps.
Tip: It's better to do the work in Safe mode.
You can try the following steps to resolve the problem:
Steps:
1. Press Ctrl+Alt+Del to open Task Manager. (Task Manager Disabled?)
2. Go to the Processes tab.
3. Click on the Image Name column header to sort by name.
4. Look for the Image Name svchost.exe. There will be many, but click on the one which has your user name as its User Name.
5. After clicking on it, press Delete button (or click on End Process button). Click on Yes for confirmation.
6. Soon after the above step is done, select Run (?) from Start menu.
Type as follows:
C:\heap41a and press Enter. (Where C: is the Windows drive)
That takes you to a hidden folder heap41a in Windows drive.
7. Delete all files in that folder.
8. Now, start Registry Editor. (Start > Run > regedit) [(No Run?)(Regedit disabled?)]
9. Press Ctrl+F . Type heap41a and press Enter.
You will find two entries while searching, such as:
C:\heap41a\svchost.exe
C:\heap(some number)\std.txt
Delete both the entries.
10. Close the Registry Editor.

1 comment:

Unknown said...

Thanks for your solution. My friend's PC has been facing the same problem for many months. I hope it really works. And thanks for your elaborative work.